sandbox/seccomp: native rule slice in helpers

These helper functions took FilterPreset as input for ease of integration. This moves them to []NativeRule. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-02 00:22:27 +09:00
parent 0c5409aec7
commit d5532aade0
6 changed files with 27 additions and 27 deletions
--- a/sandbox/seccomp/presets.go
+++ b/sandbox/seccomp/presets.go
@@ -21,7 +21,7 @@ const (
 	PresetLinux32
 )

-func preparePreset(fd int, presets FilterPreset, flags PrepareFlag) error {
+func Preset(presets FilterPreset, flags PrepareFlag) (rules []NativeRule) {
 	allowedPersonality := PER_LINUX
 	if presets&PresetLinux32 != 0 {
 		allowedPersonality = PER_LINUX32
@@ -51,7 +51,7 @@ func preparePreset(fd int, presets FilterPreset, flags PrepareFlag) error {
 		}
 	}

-	rules := make([]NativeRule, 0, l)
+	rules = make([]NativeRule, 0, l)
 	rules = append(rules, presetCommon...)
 	if presets&PresetDenyNS != 0 {
 		rules = append(rules, presetNamespace...)
@@ -75,7 +75,7 @@ func preparePreset(fd int, presets FilterPreset, flags PrepareFlag) error {
 		}
 	}

-	return Prepare(fd, rules, flags)
+	return
 }

 var (